PT-2015-3267 · Icu+5 · International Components For Unicode+5

Publicado

2015-01-21

Atualizado

2024-06-15

CVE-2014-7940

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions International Components for Unicode (ICU) versions 52 through SVN revision 293126 Google Chrome versions prior to 40.0.2214.91

Description The issue is related to the collator implementation in the International Components for Unicode (ICU) library, which does not properly initialize memory for a data structure. This can be exploited by remote attackers using a crafted character sequence, potentially leading to a denial of service or other unspecified impacts.

Recommendations For International Components for Unicode (ICU) versions 52 through SVN revision 293126, update to a version after SVN revision 293126 to resolve the issue. For Google Chrome versions prior to 40.0.2214.91, update to version 40.0.2214.91 or later to fix the problem.

Exploit

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-399

Identificadores relacionados

ALT-PU-2015-1098

BDU:2016-01659

CVE-2014-7940

DLA-219-1

DSA-3187-1

MGASA-2015-0047

OPENSUSE-SU-2015_0441-1

OPENSUSE-SU-2024:10171-1

OPENSUSE-SU-2024:12948-1

RHSA-2015:0093

RHSA-2015_0093

USN-2476-1

USN-2522-1

Produtos afetados

Alt Linux

Google Chrome

International Components For Unicode

Red Hat

Suse

Ubuntu

PT-2015-3267 · Icu+5 · International Components For Unicode+5

CVE-2014-7940

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2521